I have video site with nodejs as backend. Video is public for everyone so API is also public. This is the problem, they can view API and change params to get more data. I want to protect it from data leaking, spam or crawl.
I want to make each API is unique, each time user send a request, API will return data once. If he visit this API URL again, no data returned. If he refresh page, new API URL is being generated and give him data once. It look like this site
How do I do this?
CodePudding user response:
If I got you right, you would like to send a link to a specific user and this link should only be called once. Here a basic concept:
- you create a function that creates a unique ID and then you store the unique ID together with the location of the resource. This resource then should not be reachable from outside (not in a public directory)
- you create a route like
FQDN/get/:id
where "id" is the unique ID. - when handling the request, you search in your storage/DB if you find the unique ID, then you know, where the resource is located. You now need to do two things:
- invalidate the unique ID (removing it from the storage/DB) and
- serving the resource from its non pblic location.
- if the unique ID is no longer in your storage (DB), you just return null
One problem you might need to tackle: e.g. if you type in a certain url in a the browser, it makes a prefetch while you type it. Which means, that there are situations where a link then is called more then one time.